Cryptography Reference
In-Depth Information
circuit etching is gallium, which sets the lower bound for the etching accuracy to
roughly 0.135 nm. It is also possible to perform the deposition of both insulating
layer and conducting material, although the cost of the FIB station equipped with
multi-material ion sources is even higher.
In Table
16.1
we recap the mentioned techniques regarding high-budget attacks,
providing a summary of their features.
16.2.2 Low-Cost Fault Injection Techniques
We can consider “low cost” injection technologies as all the technical options avail-
able to an attacker which require less than 3,000 euros of equipment in order to set
up the workbench at the present time. This budget is well within the financial means
of a single motivated attacker, and thus these fault injection techniques should be
considered as a serious threat to the implementations of a secure chip, since they can
successfully inject faults. Low-cost techniques are not able to achieve the precision,
in time or space, reachable with more expensive techniques. This in turn implies
that, instead of injecting a small number of very precise faults, the attacker collects a
massive number of faulty computations and selects which ones actually yield useful
information for retrieving the secret parameters, provided the attack technique has a
distinguisher for exploitable faults.
The fault injection technique we will analyze in detail in Sect.
16.3
, is the constant
under-powering of a computing device. By running the chip with a depleted power
supply, the attacker is able to insert transient faults starting from single-bit errors and
becoming more and more invasive as the supply voltage gets lower. The errors appear
as single-bit setup failures in the latches of the circuit, due to the slower transition
speed of the most current demanding lines (usually those leaving long combinatorial
cones). On the one hand, this leads to high accuracy in the spatial pattern of the
error, which tends to repeat with nearly perfect precision. On the other hand, since
no timing or synchronization controls are employed, faults cannot be injected a
precise time segment of the running algorithm. Since this technique does not involve
precise timing for the reduction of the feeding voltage, the faults tend to uniformly
happen over the whole computation of the targeted device, thus forcing the attacker
to discard the erroneous results which do not fit his attack model for the specific
cipher. This methodology is reported to be effective also on large-scale integrated
circuits [23, 24] such as the ARM9 described in Sect.
16.3
. The underfeeding is
achieved by employing a tunable precision power supply unit to feed the device
with a different voltage and requires the attacker to be able to tap into the power
supply line (which is usually exposed on the PCB). This requires only basic skill
and can be easily achieved in practice without leaving evidence of tampering on the
device. Moreover, no knowledge of the implementation details of the platform is
needed, since it is possible to profile the behavior of the device when it is operating
in fault inducing conditions, and to infer the injected fault model. The technological
limit of this technique is represented by the fact that low-power devices exhibit higher
